When managing configuration for various services, you’ll (hopefully) end up having to install TLS certificates at some point. Instead of having to come up with the same logic in various modules, roles or formulas I’ve had an Ansible role for a while that bundled all the logic into a single role that used the vault to obtain all certificates, keys and bundles that needed to be managed on a given node.